Csrf does not work unless unit test are run #49000
Comments
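Are you using Axios on your front end to make requests? If so check the Axios version you are using. If it is >= 1.6.0 the issue might be that Axios fixed a CVE which resulted in them no longer reading the XSRF-TOKEN cookie set by Sanctum and therefore the X-XSRF-TOKEN header is missing on your post requests which would be read by your VerifyCsrfToken middleware.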
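The header that the comment above refers to can also be attached explicitly on the client. The following is an added example, not code from this thread, from Laravel or from Axios; the function names, the trusted-origin allowlist and the sample cookie string are assumptions made for illustration. It URL-decodes the XSRF-TOKEN cookie value and returns an X-XSRF-TOKEN header only for state-changing requests to an allowlisted origin, so the token is not sent to other hosts.

```javascript
// Added example. TRUSTED_ORIGINS, parseCookies and xsrfHeadersFor are
// hypothetical names; the origin below is a constructed placeholder.
const TRUSTED_ORIGINS = new Set(["https://api.example.test"]);

// Parse a document.cookie-style string ("a=1; b=2") into a Map of raw values.
function parseCookies(cookieString) {
  const jar = new Map();
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue; // skip malformed fragments
    const name = part.slice(0, eq).trim();
    if (name) jar.set(name, part.slice(eq + 1).trim());
  }
  return jar;
}

// Return the extra headers for one request (absolute URLs only in this example).
// The cookie value is URL-encoded in the cookie jar, so it is decoded before
// being copied into the X-XSRF-TOKEN header.
function xsrfHeadersFor(method, url, cookieString) {
  // Read-only methods do not need the token.
  if (["GET", "HEAD", "OPTIONS"].includes(method.toUpperCase())) return {};

  let origin;
  try { origin = new URL(url).origin; } catch { return {}; }
  // Only the application's own backend may receive the token.
  if (!TRUSTED_ORIGINS.has(origin)) return {};

  const raw = parseCookies(cookieString).get("XSRF-TOKEN");
  if (raw === undefined) return {};

  let token;
  try { token = decodeURIComponent(raw); } catch { return {}; } // bad encoding
  return { "X-XSRF-TOKEN": token };
}

// Constructed sample cookie string; the token value is a placeholder.
const SAMPLE_COOKIES =
  "theme=dark; XSRF-TOKEN=eyJpdiI6ImFiYyJ9%3D%3D; laravel_session=xyz";
```

The returned object can be merged into the request headers by whatever HTTP client the front end uses.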
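Hi there,
Thanks for reporting but it looks like this is a question which can be asked on a support channel. Please only use this issue tracker for reporting bugs with the library itself. If you have a question on how to use functionality provided by this repo you can try one of the following channels:
- Laracasts Forums <https://laracasts.com/discuss>
- Laravel.io Forums <https://laravel.io/forum>
- StackOverflow <https://stackoverflow.com/questions/tagged/laravel>
- Discord <https://discordapp.com/invite/KxwQuKb>
- Larachat <https://larachat.co>
- IRC <https://web.libera.chat/?nick=laravelnewbie&channels=#laravel>
However, this issue will not be locked and everyone is still free to discuss solutions to your problem!
Thanks.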
Hello
OK, I will do that
Thank you
On Tue, 14 Nov 2023, 18:36, Dries Vints ***@***.***> wrote:
… Hi there,
Thanks for reporting but it looks like this is a question which can be
asked on a support channel. Please only use this issue tracker for
reporting bugs with the library itself. If you have a question on how to
use functionality provided by this repo you can try one of the following
channels:
- Laracasts Forums <https://laracasts.com/discuss>
- Laravel.io Forums <https://laravel.io/forum>
- StackOverflow <https://stackoverflow.com/questions/tagged/laravel>
- Discord <https://discordapp.com/invite/KxwQuKb>
- Larachat <https://larachat.co>
- IRC <https://web.libera.chat/?nick=laravelnewbie&channels=#laravel>
However, this issue will not be locked and everyone is still free to
discuss solutions to your problem!
Thanks.
I do use an axios version above 1.6.
I do get the XsrfToken on the reply in a cookie even though the status
code is a 419.
I looked all over the net for a solution. I tried retrieving the token from
the cookie and sticking it in an axios X XsrfToken header. It still sent me a
419 back.
Maybe I am missing some kind of configuration. I read today about a guy who had
it working by setting the option ''encrypted'' to TRUE but I have not
tried that yet.
When I did the change inside the verifycsrftoken code as I described in the
screenshot, I get everything working properly using normal axios with auto
headers.
Looking at the code, I read it as it will check the token only if the method
''runingUnitTest'' returns TRUE... Which I found strange. So I put a NOT
in front of that condition and it started working like a charm.
Sorry, I have a French autocorrector on my phone and it really IS a pain....
😂
On Tue, 14 Nov 2023, 13:09, Ben ***@***.***> wrote:
… Are you using Axios on your front end to make requests? If so check the
Axios version you are using. If it is >= 1.6.0 the issue might be that Axios
fixed a CVE <https://github.com/axios/axios/releases/tag/v1.6.0> which
resulted in them no longer reading the XSRF-TOKEN cookie set by Sanctum
and therefore the X-XSRF-TOKEN header is missing on your post requests
which would be read by your VerifyCsrfToken middleware.
Hello!! Update: I tested with axios 1.6.2, which did not solve the problem... Do you have any news about this issue?
Laravel Version
Latest
PHP Version
8.2.10
Database Driver & Version
Mariadb 10.24
Description
Csrf check using sanctum endpoint will not work unless I modify this in vendor/laravel/framework/sec/illuminate/fondation/http/middleware/VerifyCsrfToken.php
I added a ! on the line this->runningTestUnit
Steps To Reproduce
None